Commit b24fe6b6 authored by Frediano Ziglio

quic: Avoid possible buffer overflow in find_bucket

Proved by fuzzing the code.

Signed-off-by: Frediano Ziglio <>
Acked-by: Uri Lublin <>
parent ef1b6ff7
......@@ -103,7 +103,12 @@ static s_bucket *FNAME(find_bucket)(Channel *channel, const unsigned int val)
spice_extra_assert(val < (0x1U << BPC));
return channel->_buckets_ptrs[val];
/* The and (&) here is to avoid buffer overflows in case of garbage or malicious
* attempts. Is much faster then using comparisons and save us from such situations.
* Note that on normal build the check above won't be compiled as this code path
* is pretty hot and would cause speed regressions.
return channel->_buckets_ptrs[val & ((1U << BPC) - 1)];
#undef FNAME
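
Review bot: In the new return statement, masking `val` with `((1U << BPC) - 1)` silently maps an out-of-range value onto some valid bucket instead of reporting bad input, so a corrupted or malicious stream keeps decoding with the wrong bucket. The comment should state that this is intended (the result is memory-safe but not meaningful), or the caller should get a way to mark the stream as invalid. The mask is also only sufficient if `_buckets_ptrs` holds at least `1U << BPC` entries, which this hunk does not show; an assertion or a comment where `_buckets_ptrs` is sized would make that guarantee explicit. Minor wording in the comment: "Is much faster then" should read "It is much faster than", and "save us" should be "saves us".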